Moving to the cloud: Big savings, but plan ahead

Some might say that San Diego-based Amylin Pharmaceuticals was pushed into the cloud. The 23-year-old company's data center had been running at 100% capacity and IT executives feared inevitable performance problems, but the company was reluctant to build another site due to the poor economic climate.

"We had already done significant virtualizing of our servers and couldn't cram anything more onto our data center infrastructure. The only thing we could do to relieve the pressure was to start moving legacy applications to the cloud," says Todd Stewart, senior director of IT operations.

Some applications, such as e-mail, were switched to a software-as-a-service model so that IT could offload the application and infrastructure management to a service provider. However, there were other applications, including human resources and enterprise monitoring, that Stewart and his team wanted to closely manage without having to deal with the underlying infrastructure. To handle this delicate balance, he turned to infrastructure as a service (IaaS) through the public cloud.

With public cloud IaaS, organizations pay per use or per cluster of resources for an external cloud service provider to host their virtual servers. These types of services are available from Amazon, Google, HP, IBM, Microsoft, RackSpace, Sun Microsystems, Terremark Worldwide and telecom companies, among others.

IT maintains control over the applications without worrying about configuring, upgrading or patching servers and other infrastructure. If a department needs to deploy a new application, IT simply loads that application onto the service provider's virtual server and the software is available to users.

Infrastructure-as-a-service checklist

* Cost comparisons that include maintenance, heating and cooling

* Software licensing

* Security safeguards

* Latency/performance issues

* Contractual safeguards

* Regular reviews

In a recent report, Forrester Research found that about 25% of all enterprises surveyed plan to adopt IaaS via an external provider.

Most that go this route can expect tremendous savings, according to Lynda Stadtmueller, senior research analyst with Frost & Sullivan's Stratecast division. In a recent study, she found that a small business that migrated four of its servers to the cloud, essentially shutting down its on-premises data center, realized a 50% savings. Although it involves a small business, she says the statistic is relevant because "it's unlikely that a larger business will migrate its data center infrastructure all at once or completely."

In other words, even a larger company would migrate only a few servers at a time, so those numbers translate to what even larger companies are likely to be doing.

Savings arise from deferred costs for equipment upgrades and maintenance, power, and decreased labor costs. Most data centers provision for peak activity but operate at low utilization rates, thereby wasting valuable resources.

Bernard Golden, CEO of consultancy HyperStratus and author of Virtualization for Dummies, agrees that IaaS offers IT a lifeline when it comes to rising data center costs and real estate constraints. It offers IT the opportunity to reduce the data center management burden, yet improve customer service, he says.

Warnings about compliance, among other things

However, Golden warns that along with these positives come a lot of considerations, including how to efficiently migrate data to the cloud, handle security of data stored in the cloud, meet compliance demands, avoid software licensing snafus, test for latency problems and get applications and data back if IT executives change their minds or break with their cloud providers.

Amylin's Stewart says he and his team tackled all of these issues before moving his legacy applications into the cloud. In fact, before he even moved a single byte, he formed a "tiger team" to study the 50 to 60 services that his IT team provides and determine which were ripe for IaaS. "We looked at expenses surrounding licensing, maintenance, labor, power and infrastructure support. Then we stack-ranked each service according to its cost to see if we could deliver it via a less-expensive channel such as IaaS," Stewart says.

"Until you have a good sense of what you're spending by application, then you can't really make intelligent decisions," he says. This prioritizing also enabled Stewart and his team to show business leaders the impact of moving their applications off-site. "The business may think they want five 9s of availability, but the lower cost of an IaaS might be more appealing," he says.

Amylin's IT team identified applications, such as testing and development, human resources and enterprise monitoring, among others, that were key to the business but did not require the infrastructure to be on-site. He advises his peers to consider applications that are more back-office and less customer-facing.

Considerations beyond cost

After reviewing the cost of supporting applications in-house, the next step is to put each application through filters such as control, performance, architecture and licensing, and security. Does compliance dictate that IT must have total control over the application infrastructure? That will be difficult, since public-cloud providers rely on virtualization to keep costs low. Therefore, data will probably be moved around physical hosts as well as data centers to keep loads well balanced. If a business need dictates the requirement to pinpoint the exact location of data, then a public cloud is not really a good option.

Some of Amylin's data falls under the FDA's validation rules. Stewart says it would be too difficult to prove compliance if that data was in the public cloud and using shared resources, so he keeps that information in-house.

Chad Swartz, senior manager of IT operations at Chicago-based Preferred Hotel Group, had a similar concern when he migrated his entire data center infrastructure to Terremark's Miami facility. Swartz had chosen a wholesale move of his Citrix, SQL, Exchange, SharePoint and homegrown hotel applications because he was facing a $250,000 capital expenditure cost for a renovation of Preferred Hotel's on-site data center. His 250-employee company had already given its blessing to use Terremark for backup and disaster recovery, so he was able to make the case it would save even more money by moving infrastructure management to a cloud-based cluster of 16 physical servers.

The one catch: Because the company deals with credit card transactions, it must follow the Payment Card Industry Data Security Standard, which requires physical control over servers handling that data. To avoid any complications, Swartz makes sure all credit card transactions go directly to a third party and he avoids keeping any of that data on his outsourced infrastructure.

Performance not always a problem

Once compliance implications have been examined, the next step is to determine whether applications will take a performance hit. Software that had been living on a LAN will now be accessed over the WAN, and that will likely mean some sort of delay, Stratecast's Stadtmueller says.

"Distance always adds latency to an application. When users engage in chatty, transactional applications, they expect immediate responses. Network delays of just a few milliseconds can cause them to be frustrated," she says. In a public cloud environment, "IT has little or no control over the network path, and that makes it dicey for some latency-sensitive applications," Stadtmueller adds.

But cloud doesn't always mean slower. Jason Harper, vice president of technology at Morgans Hotel Group in New York, says customer satisfaction has increased at his shop because end users are accessing their files faster via the cloud. "We've sped up access, as a lot of our users travel and remote access to our data center was slow," he says.

The same application speed-up can happen on a global basis, with business users having better access via a cloud provider's bigger bandwidth than they did to in-house servers. One strategy is to limit the application to updating itself once or twice each day, instead of hourly, for example, to keep performance issues to a minimum.

Look at licensing

Other considerations include architecture and licensing. With a three-layer application, it would be problematic to, for instance, put the database in the cloud and keep the other two layers on-site. That could cause significant delays as the application tries to reach back into the data center to share information.

That back-and-forth can also impact pricing. "The financial model for the cloud rewards applications that are entirely within the cloud provider. It starts getting sketchy if data has to move around a lot," says Joe Tobolski, director of cloud computing at consultancy Accenture in Chicago. Tobolski both advises customers about cloud and helps with Accenture's in-house cloud efforts.

Some licensing agreements that are hard-coded to a physical box might make it impossible to shift to the cloud and virtual servers. Preferred Hotel Group's Swartz considered licensing when he moved his servers into the cloud. While he stuck with his existing per-server licenses, he recommends that others making the move to the cloud consider buying enterprise licenses instead, because they offer more flexibility. "I treat my current Microsoft agreement like everyone else," with one license per physical server, Swartz explains. "We are currently not leveraging the virtual licensing aspects that Microsoft affords to virtual servers," he notes, adding that if he could do it over, he would choose differently.

Another consideration is security. Golden and Stadtmueller both contend that most IaaS providers have better security than currently exists in the majority of customer data centers and include encryption, VPNs and dedicated staff. But they suggest that there are some applications that should remain on-site, including those holding corporate intellectual assets, sensitive employee information or private customer data.

A final consideration is understanding what it will take to migrate the application and all related data into the cloud. Some companies, including start-up CloudSwitch, CohesiveFTP and Amazon, have products to help users make the move securely.

Not all legacy applications will move over right away. Accenture's Tobolski says there are many legacy applications that enterprises won't move simply because they're afraid of the consequences. For instance, some companies are using homegrown programs to support financials or customized software for client databases. "No one wants to take responsibility if an application that has worked since its birth suddenly fails because it was moved to the cloud," Tobolski says.

Another key issue is to figure out what alterations, such as virtualization, are required to enable application migration.

Migration time

Stewart's tiger team started slowly with self-contained, non-mission-critical applications such as testing and development so they could learn the ins and outs of moving to the cloud. "We have to build up a little more confidence of what will and won't work. Until then, we're not quite ready to put important systems such as our ERP financials out there," Stewart says.

Morgans Hotel's Harper says he's also taking baby steps into the public cloud. "The economy has left us short on staff and on budget for infrastructure. Each time we take on a new project, it increases the data center space we need."

Although he eventually hopes to move a large portion of his data center to an IaaS provider, he wants to determine the potential impact first.

To that end, Harper has sampled the public cloud by moving file servers at more than a dozen hotels worldwide over to Google. "Traditionally, we'd have a file server at each one of our sites, but that takes a lot of effort," he says. "It's a huge benefit to not have to manage the hardware and keep it healthy and administer it every day."

So far, he's had a great response to the move in terms of cost reductions. "We've been able to reduce the amount of infrastructure we have to replace, power and cool," he says.

While Morgans Hotel Group is proceeding slowly, Preferred Hotel Group is all-in, and that means having a solid fallback plan. Swartz included a provision in his service-level agreement to ensure that if his company and Terremark should part ways, the vendor will help it either get up and running with a new provider or move its applications back on-site. "That assurance was critical to gaining executive buy-in," he says.

Learning to be flexible

Amylin is well on its way to making more use of the IaaS model. Now that the team has its feet wet, it's begun to see more opportunities, including supporting infrequent or seasonal applications. For instance, it moved a batch-processing application to the cloud in order to avoid the hassle of procuring and provisioning servers for a program that is used once a month at the most.

The team has also started to rely on the public cloud to pilot new applications and carry out research and development. "Using the public cloud, we can quickly stand up servers to test-drive new projects, and if they don't work, we can simply turn them off with no capital investment," Stewart says.

The public cloud has been instrumental in providing a high-performance computing environment for the company's protein research team. There are two or three applications the team uses that require hundreds of servers, but not all the time -- that's not the type of environment the IT group could offer easily and cost-effectively on-site.

"The public cloud is great for short-term usage, since very few enterprises have spare servers lying around anymore. Instead, it enables IT to have a quick response to new projects without having to preplan," Stratecast's Stadtmueller says.

But she warns that this low barrier to entry comes with some challenges for the enterprise, including maintaining control of data. Cloud computing is so easy that you don't need IT decision-makers to get up and running. End users might jump across IT to put things in the cloud themselves.

The lure of public cloud IaaS is certainly strong, and experts across the board predict that enterprises will take to it in some fashion or another to avoid expanding their data center footprints and to reduce the cost of supporting an agile business.

Stewart is definitely a believer. Although the public cloud has not been a silver bullet for all his data center woes, he contends it has lifted a significant burden. "If moving to the cloud only alleviates 20% of the load on our data center," he says, "it still represents an enormous reduction in cost. And as it matures, we'll be sure to take further advantage of it."

Sandra Gittlen is a freelance technology writer in the greater Boston area. She can be reached at sgittlen@verizon.net.